US9552482B2ActiveUtilityA1
Method for determining debug authorization for motherboard control module and associated motherboard control module
Est. expiryMar 29, 2033(~6.7 yrs left)· nominal 20-yr term from priority
Inventors:Chien-Hsing Huang
G06F 2221/2105H04L 9/3247G06F 21/71G06F 21/57H04L 2209/127
49
PatentIndex Score
0
Cited by
8
References
20
Claims
Abstract
By comparing a chip unique password, certification for activating a debug function can be established on the chip unique password. Thus, even when the chip unique password is lost due to negligence, not only certification for activating debugging on other motherboards of the same model number can remain unaffected, but also risks caused by replacing a chip or by a private key leakage from a system manufacturer are eliminated.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method for determining debug authorization for a motherboard control module, the motherboard control module comprising a chip and a flash memory, the chip storing a device identity of the motherboard control module, the flash memory comprising a plurality of data regions; the method comprising:
obtaining a corresponding chip unique password according to the device identity and a data region identity of a first data region of the data regions; and
comparing a characteristic of the chip unique password with a first chip unique reference password stored in the first data region, encrypting the first data region when the characteristic of the chip unique password matches the first chip unique reference password to generate a digital signature, and, upon receipt of a debug approval from an entity to which the digital signature is sent, deactivating a digital signature authentication mechanism to authorize an execution of debugging of the flash memory,
wherein when the digital signature authentication mechanism is deactivated, the execution of debugging of any of the data regions is authorized.
2. The method according to claim 1 , wherein the step of comparing the characteristic of the chip unique password with the first chip unique reference password comprises:
authorizing the execution of debugging when the chip unique password is identical to the first chip unique reference password.
3. The method according to claim 1 , further comprising:
after obtaining the chip unique password, encrypting the chip unique password by an encryption algorithm to generate an encrypted chip unique password;
wherein, the characteristic of the chip unique password is the encrypted chip unique password.
4. The method according to claim 3 , wherein when the characteristic of the chip unique password matches the first chip unique reference password, the step of deactivating the digital signature authentication mechanism to authorize the execution of debugging of the flash memory comprises:
authorizing the execution of debugging when the encrypted chip unique password is identical to the first chip unique reference password.
5. The method according to claim 1 , further comprising:
encrypting the first data region by an exclusive proprietary private key of a motherboard manufacturer of the motherboard control module to generate a digital signature;
sending the digital signature to the first data region; and
decrypting the digital signature by a public key corresponding to the first data region in the first data region to verify certification of the digital signature;
wherein, the public key and the private key are a pair of mutually exclusive keys.
6. The method according to claim 1 , wherein the chip unique password is stored in a database provided by a motherboard manufacturer of the motherboard control module.
7. A method for determining debug authorization for a motherboard control module, the motherboard control module comprising a chip and a flash memory, the chip storing a device identity of the motherboard control module, the flash memory comprising a plurality of data regions; the method comprising:
obtaining a corresponding chip unique password according to the device identity and a data region identity of a first data region of the data regions; and
comparing a characteristic of the chip unique password with a first chip unique reference password stored in the first data region, and encrypting the first data region by an exclusive proprietary private key of a motherboard manufacturer when the characteristic of the chip unique password matches the first chip unique reference password to generate a digital signature;
sending the digital signature to a system manufacturer, and waiting to receive a debug approval corresponding to the digital signature from the system manufacturer; and
upon receiving the debug approval, deactivating a digital signature authentication mechanism of the flash memory to authorize an execution of a debug function of the flash memory.
8. The method according to claim 7 , wherein the step of comparing the characteristic of the chip unique password with the first chip unique reference password comprises:
utilizing the chip unique password to generate the digital signature when the chip unique password is identical to the first chip unique reference password.
9. The method according to claim 7 , further comprising:
after obtaining the chip unique password, encrypting the chip unique password by an encryption algorithm to generate an encrypted chip unique password;
wherein, the characteristic of the chip unique password is the encrypted chip unique password.
10. The method according to claim 9 , when the characteristic of the chip unique password matches the first chip unique reference password, the step of encrypting the first data region by the exclusive proprietary private key of the motherboard manufacturer to generate the digital signature comprises:
encrypting the first data region by the exclusive proprietary private key of the motherboard manufacturer of the motherboard control module when the encrypted chip unique password is identical to the first chip unique reference password to generate the digital signature.
11. The method according to claim 7 , wherein the encryption algorithm is a Direct Memory Access (DMA) mechanism supported by Advanced Encryption Standard (AES).
12. The method according to claim 7 , further comprising:
sending the digital signature to the first data region; and
decrypting the digital signature by a public key corresponding to the first data region in the first data region to verify certification of the digital signature;
wherein, the public key and the private key are a pair of mutually exclusive keys.
13. The method according to claim 7 , wherein the chip unique password is stored in a database provided by the motherboard manufacturer.
14. The method according to claim 1 , wherein debugging is not authorized for execution when the digital signature authentication mechanism is activated.
15. A motherboard control module, comprising:
a chip, storing a device identity of the motherboard control module; and
a flash memory, comprising a plurality of data regions; and
a controller, configured to access the device identity, obtain a corresponding chip unique password according to the device identity and a data region identity of a first data region of the data regions, compare a characteristic of the chip unique password with a first chip unique reference password stored in the first data region, encrypt the first data region by an exclusive proprietary private key of a manufacturer of the motherboard control module when the characteristic of the chip unique password matches the first chip unique reference password to generate a digital signature, enable the digital signature to be sent to a system manufacturer, wait to receive a debug approval corresponding to the digital signature from the system manufacturer, and upon receiving the debug approval, deactivate a digital signature authentication mechanism of the flash memory to authorize an execution of a debug function of the flash memory.
16. The motherboard control module according to claim 15 , wherein the controller further authorizes the execution of debugging when the chip unique password is identical to the first chip unique reference password.
17. The motherboard control module according to claim 15 , wherein, after obtaining the chip unique password, the controller further encrypts the chip unique password by an encryption algorithm to generate an encrypted chip unique password; and the characteristic of the chip unique password is the encrypted chip unique password.
18. The motherboard control module according to claim 17 , wherein the controller authorizes the execution of debugging when the encrypted chip unique password is identical to the first chip unique reference password.
19. The motherboard control module according to claim 15 , wherein the controller further, sends the digital signature to the first data region, and decrypts the digital signature by a public key corresponding to the first data region in the first data region to verify certification of the digital signature; the public key and the private key are a pair of mutually exclusive keys.
20. The motherboard control module according to claim 15 , wherein the chip unique password is stored in a database provided by a motherboard manufacturer of the motherboard control module.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.